Archive For: Uncategorized
Welcome to Part 1 of the WordPress Security Research Beginner Series! If you haven’t had a chance, please review the series introduction blog post for more details on the goal of this series and what to expect. Before diving into the security features of WordPress, it’s critical to understand the underlying request architecture. WordPress is... Read More
-
January 15, 2024
-
On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript that will be executed whenever a user accesses an injected page. Later on January 10th, 2024... Read More
-
December 11, 2023
-
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! The researcher who reported this vulnerability was awarded $2,751.00! Register as a researcher and submit your vulnerabilities today! On November 8th, 2023, Wordfence launched a... Read More
-
November 9, 2023
-
Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 79 vulnerabilities disclosed in 64 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 22 Vulnerability... Read More
-
September 19, 2023
-
On August 18, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two PHP Object Injection vulnerabilities in the Essential Blocks plugin for WordPress, a plugin with over 100,000 installations. We received a response three days later and sent over our full disclosure on August 23, 2023. A patched version of the... Read More
-
August 10, 2023
-
Last week, there were 29 vulnerabilities disclosed in 24 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 18 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with... Read More
Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in WordPress plugins so we can help developers patch these vulnerabilities before threat actors... Read More
-
April 19, 2023
-
On April 5, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in Blubrry’s PowerPress plugin, which is actively installed on more than 50,000 WordPress websites. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using... Read More
WPSanity.com Finds Passwords A Problem
We find that almost 25% of the sites that come to us having been hacked would have been safe if they had used proper passwords. It’s very simple to create secure passwords that are easy to remember and will comply with secure password standards.
Introduction
Creating a secure password is... Read More
Based On Our Experience
Here at WPSanity.com and our parent company Tech-Line.com, we have found 5 issues with WordPress websites that seem to be the primary source of security issues. I thought it might help to share these with you.
Introduction
WordPress is one of the most popular content management systems (CMS) used to create... Read More